Unrated severityNVD Advisory· Published Dec 29, 2010· Updated Apr 29, 2026

CVE-2010-4604

Description

Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.

Affected products

IBM/Tivoli Storage Manager
cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*
Range: >=5.3.0,<=5.3.6.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/15745nvdExploitThird Party AdvisoryVDB Entry
www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.cnvdBroken LinkExploit
secunia.com/advisories/42639nvdBroken LinkVendor Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.ibm.com/support/docview.wssnvdBroken LinkVendor Advisory
www.securityfocus.com/archive/1/515263/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2010/3251nvdBroken LinkVendor Advisory
www-01.ibm.com/support/docview.wssnvdBroken Link
www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txtnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000